{"id":2967,"date":"2024-01-12T11:54:40","date_gmt":"2024-01-12T03:54:40","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2967"},"modified":"2024-01-12T11:55:43","modified_gmt":"2024-01-12T03:55:43","slug":"%e7%be%8e%e5%9c%8bcisa%e5%b0%87-ivanti-connect-secure-%e5%92%8c-microsoft-sharepoint-%e6%bc%8f%e6%b4%9e%e6%96%b0%e5%a2%9e%e8%87%b3%e5%85%b6%e5%b7%b2%e7%9f%a5%e9%81%ad%e6%bf%ab%e7%94%a8%e4%b9%8b","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2967","title":{"rendered":"\u7f8e\u570bCISA\u5c07 Ivanti Connect Secure \u548c Microsoft SharePoint \u6f0f\u6d1e\u65b0\u589e\u81f3\u5176\u5df2\u77e5\u906d\u6feb\u7528\u4e4b\u6f0f\u6d1e\u6e05\u55ae \u806f\u90a6\u6a5f\u69cb\u9808\u65bc2024 \u5e74 1 \u6708 31 \u65e5\u524d\u4fee\u88dc\u9019\u4e9b\u6f0f\u6d1e"},"content":{"rendered":"\n
\"\"
Photo Credit: CISA<\/figcaption><\/figure>\n\n\n\n

1 \u6708 11 \u65e5\uff0c\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u8207\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40 (CISA) (Known Exploited Vulnerabilities (KEV) catalog<\/a>)\u65b0\u589e\u4e86 Ivanti Connect Secure \u548c Policy Secure \u6f0f\u6d1e\uff08\u7de8\u865f\u70baCVE-2024-21887<\/a>\u548cCVE-2023-46805<\/a>\uff09\u4ee5\u53ca Microsoft SharePoint Server \u6f0f\u6d1e(\u7de8\u865f\u70baCVE- 2023-29357<\/a>) \u5728\u5176\u5df2\u77e5\u906d\u6feb\u6f0f\u6d1e\u6e05\u55ae\u4e2d\u3002<\/p>\n\n\n\n

1 \u6708 10 \u65e5\uff0c\u8edf\u9ad4\u516c\u53f8 Ivanti<\/a>\u5831\u544a\u7a31\uff0c\u99ed\u5ba2\u5728\u5229\u7528\u5176 Connect Secure (ICS) \u548c Policy Secure \u4e2d\u7684\u5169\u500b\u96f6\u65e5\u6f0f\u6d1e\uff08CVE-2023-46805\u3001CVE-2024-21887\uff09\u5728\u76ee\u6a19\u7db2\u95dc\u4e0a\u57f7\u884c\u9060\u7aef\u4efb\u610f\u547d\u4ee4\u3002\u6f0f\u6d1e\u7de8\u865f\u70ba CVE-2023-46805\uff0c\u56b4\u91cd\u7a0b\u5ea6\u8a55\u5206\u70ba 8.2\u3002\u5b83\u5141\u8a31\u99ed\u5ba2\u300c\u900f\u904e\u7e5e\u904e\u63a7\u5236\u6aa2\u67e5\u4f86\u5b58\u53d6\u53d7\u9650\u8cc7\u6e90\u300d\u3002\u53e6\u4e00\u500b\u6f0f\u6d1e CVE-2024-21887 \u53ef\u5354\u52a9\u653b\u64ca\u8005\u5411\u8a2d\u5099\u767c\u9001\u547d\u4ee4\uff0c\u56b4\u91cd\u7a0b\u5ea6\u70ba 9.1\u3002\u653b\u64ca\u8005\u53ef\u4ee5\u9023\u7d50\u9019\u5169\u500b\u6f0f\u6d1e\uff0c\u5411\u672a\u4fee\u88dc\u7684\u7cfb\u7d71\u767c\u9001\u7279\u88fd\u8acb\u6c42\u4e26\u57f7\u884c\u4efb\u610f\u547d\u4ee4\u3002<\/p>\n\n\n\n

Ivanti \u767c\u5e03\u7684\u516c\u544a\uff0c\u5982\u679c CVE-2024-21887 \u8207 CVE-2023-46805 \u7d50\u5408\u4f7f\u7528\uff0c\u5229\u7528\u6f0f\u6d1e\u53ef\u4e0d\u9700\u8981\u8eab\u4efd\u9a57\u8b49\uff0c\u4e26\u4f7f\u99ed\u5ba2\u80fd\u5920\u88fd\u4f5c\u60e1\u610f\u8acb\u6c42\u4e26\u5728\u7cfb\u7d71\u4e0a\u57f7\u884c\u4efb\u610f\u547d\u4ee4\u3002\u8a72\u516c\u53f8\u6b63\u5728\u63d0\u4f9b\u7de9\u89e3\u63aa\u65bd\uff0c\u4e26\u78ba\u8a8d\u6b63\u5728\u958b\u767c\u5b89\u5168\u4fee\u88dc\u7a0b\u5f0f\uff0c\u6700\u7d42\u4fee\u88dc\u5c07\u65bc 2 \u6708 19 \u65e5\u5167\u767c\u5e03\u3002<\/p>\n\n\n\n

\u53e6\u5916\uff0c\u8cc7\u5b89\u516c\u53f8Volexity<\/a> \u7814\u7a76\u4eba\u54e1\u89c0\u5bdf\u5230\u99ed\u5ba2\u5df2\u7a4d\u6975\u5728\u5229\u7528\u9019\u5169\u500b\u96f6\u65e5\u6f0f\u6d1e\u30022023 \u5e74 12 \u6708\uff0cVolexity \u8abf\u67e5\u4e86\u4e00\u6b21\u653b\u64ca\uff0c\u653b\u64ca\u8005\u5229\u7528\u9019\u4e9b\u6f0f\u6d1e\u5728\u591a\u500b\u5167\u90e8\u548c\u9762\u5411\u5916\u90e8\u7684 Web \u4f3a\u670d\u5668\u4e0a\u653e\u7f6e Webshel\u200b\u200bl\u3002<\/p>\n\n\n\n

\u6b64\u5916\u65b0\u589e\u81f3 CISA KEV \u6e05\u55ae\u7684\u7b2c\u4e09\u500b\u6f0f\u6d1e\u662f Microsoft SharePoint Server \u6b0a\u9650\u5347\u7d1a\u6f0f\u6d1eCVE-2023-29357<\/a>\uff0c\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u653b\u64ca\u8005\u7372\u5f97\u507d\u9020 JWT (JSON Web Token)\u8eab\u4efd\u9a57\u8b49\u4ee4\u724c\u5b58\u53d6\u6b0a\u9650\uff0c\u4f7f\u7528\u5b83\u5011\u4f86\u57f7\u884c\u7e5e\u904e\u8eab\u4efd\u9a57\u8b49\u7684\u7db2\u8def\u653b\u64ca\uff0c\u4e26\u5141\u8a31\u4ed6\u5011\u7372\u5f97\u7d93\u904e\u8eab\u4efd\u9a57\u8b49\u7684\u7528\u6236\u7684\u6b0a\u9650\u3002\u6f0f\u6d1e\u53ef\u5141\u8a31\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u653b\u64ca\u8005\u5728\u6210\u529f\u5229\u7528\u4e0d\u9700\u8981\u4f7f\u7528\u8005\u4e92\u52d5\u7684\u4f4e\u8907\u96dc\u5ea6\u653b\u64ca\u5f8c\u7372\u5f97\u7ba1\u7406\u6b0a\u9650\u3002<\/p>\n\n\n\n

\u6839\u64da\u7d04\u675f\u6027\u64cd\u4f5c\u6307\u4ee422-01( Binding Operational Directive 22-01 ) \uff0c\u5728 CISA \u516c\u5e03\u65b0\u7684\u5df2\u906d\u7528\u65bc\u653b\u64ca\u6f0f\u6d1e\u6642\uff0c\u6240\u6709\u7f8e\u570b\u806f\u806f\u90a6\u6587\u8077\u884c\u653f\u90e8\u9580 (Federal Civilian Executive Branch-FCEB)\uff0c\u90fd\u5fc5\u9808\u91dd\u5c0d\u76f8\u95dc\u6f0f\u6d1e\u9032\u884c\u8655\u7406\uff0c\u5728\u622a\u6b62\u65e5\u671f\u524d\u89e3\u6c7a\u5df2\u8b58\u5225\u7684\u6f0f\u6d1e\uff0c\u4ee5\u4fdd\u8b77\u5176\u7db2\u8def\u514d\u53d7\u5229\u7528\u6e05\u55ae\u4e2d\u7684\u6f0f\u6d1e\u653b\u64ca\uff0c\u5c08\u5bb6\u4e5f\u5efa\u8b70\u79c1\u4eba\u6a5f\u69cb\u5be9\u67e5KEV\u6e05\u55ae\u4e26\u89e3\u6c7a\u5176\u57fa\u790e\u8a2d\u65bd\u4e2d\u7684\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

CISA \u547d\u4ee4\u806f\u90a6\u6a5f\u69cb\u5728 2024 \u5e74 1 \u6708 31 \u65e5\u4e4b\u524d\u4fee\u5fa9\u4ee5\u4e0a\u4e09\u500b\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

Ivanti Connect Secure\u6f0f\u6d1e\u7684\u90e8\u5206\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs):
206.189.208.156
gpoaccess[.]com
webb-institute[.]com
symantke[.]com
75.145.243.85
71.127.149.194
173.53.43.7<\/p>\n","protected":false},"excerpt":{"rendered":"

1 \u6708 11 \u65e5\uff0c\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u8207\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40 (CISA) (Known Exploited Vu READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[191],"class_list":["post-2967","post","type-post","status-publish","format-standard","hentry","category-6","tag-cisa"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2967"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2967\/revisions"}],"predecessor-version":[{"id":2970,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2967\/revisions\/2970"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}